Top line findings:
- CAPEX: The deployment cost for hardware one time password (OTP) is $202,000 vs. smart device-based software at $9,000, representing a 95 per cent decrease in cost
- Replacement costs: Hardware OTP replacement costs are over 90 per cent more expensive than all software based approaches
- Annual cost per user: SMS OTP is the highest annual cost per user at $35, when compared to $15 for smart device-based software
- Software-based: Smart device-based software is at least 60 per cent less expensive than all other software based approaches in terms of annual costs per user
Today, authentication methods are predominantly hardware-based and usually take the form of a small device or token that provides a one-time-password (OTP) that an employee uses to access enterprise or cloud services. The need for employee authentication is increasing in importance with the emergence of the bring your own device (BYOD) phenomenon.
The BYOD trend is growing, and employees are demanding access to enterprise applications quickly and securely, no matter where they are or what device they are using. A solution that allows access to these services regardless of the device, location or network in a secure manner is invaluable to enterprise IT managers, says Sarah Wallace, Analyst for Heavy Reading.
Encaps study analysed the average cost of the six most prevalent approaches to authentication for a large enterprise with 3,000 users over a three year period. These include hardware approaches such as hardware OTPs and smart tokens (a USB or smart card), as well as software such as smart device-based software, mobile OTP (usually an app), PC OTP (via a web-browser) and SMS OTP. All of the approaches are two-factor authentication where the user requires something they have (a card or token) and something they know (password or PIN) to gain access.
Encap Enterprise Authentication Study Top Line Results
| Costs (all USD) | Smart Device Software | Hardware OTP | Smart token (Smart card/USB) | Mobile OTP soft token | PC OTP soft token | SMS OTP |
| Total deployment cost | 9,000 | 202,000 | 181,000 | 127,000 | 127,000 | 82,000 |
| Total cost of ownership | 135,900 | 301,075 | 277,975 | 217,075 | 217,075 | 316,075 |
| Annual total cost per user | 15.10 | 33.45 | 0.89 | 24.12 | 24.12 | 35.12 |
Having invested in remote access and cloud apps, enterprises must do everything possible to simplify speedy and secure access. Smart device software authentication turns smart devices enterprise or employee-owned into security credentials at an unbeatable price point, said Thomas Bostrm Jrgensen, CEO of Encap. Our study shows that the time for hardware-based authentication has passed – it is just too expensive when compared with the alternatives.
But this is about more than just cost, continued Jrgensen. Employees people – want simple access across a range of devices. Similarly, IT managers want to easily integrate authentication without painful provisioning and replacement issues. Hardware approaches are incompatible with todays world of smart devices, remote access and cloud apps. Its time for a change.